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(54) Public/privato key eneryption/docryptton 



(57) In a hybrid fiber-coax distribution n^work, 
communications between a central station and particular 
end stations are encrypted using a working key <WK) of a 
symmetric encryption scheme. The central station has a 
public and private key (PPK) of a PFK encryption scheme, 
and some of the end statiofts can also each have a 
respective PPK. To provide secure communications for 
each end station, if the end station has a PPK. then tiie 
respective WK is generated in the central station and 
communicated, erK^rypted using the end station's public 
key (PK), to the end station. OthenArise. the WK is 
generated in the end station and communicated, 
encrypted using the central station's PK, to ttra central 
station. An individual identifier for each end station, and a 
cryptographic signature at least for end stations not 
having a PPK. can t>e communicated to the central station 
for authentication of the end stations* 
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2309364 

FAOUTATING SECURE COMMUNICATIONS 
IN A DISTRIBUTION NETWORK 
•niis invendon relates to methods of facfliialing secure communicatioiis in a 
distribution network, such as for example a coaxial cable or hybrid fiber-coax (IffQ 
networic. 

paclrgmimd of the Invention 

A distribution network, such as an HFC network in which data is communicated 
to subscriber end stations via optical fiber and coaxial distribution cables, is a point-to- 
multipoint network in which data addressed to and intended for any particular subscriber 
is also inevitably suppUed via the nctworic to other subscribers. If the data is not 
soamblcd or encrypted, it can be easily monitored by these other subscribers, leading 
to a loss of subscriber privacy and a loss of revenues for data suppliers when the data 
(eg. television programs) is supplied for a fee. Accordingly, it is important to provide a 
desired level of security in Ae data comminicanais in a distribution network. 

While various encryption and deayptioo schemes are known, diese have a 
number of disadvantages associated with them in the environment of a distribution 
network. A significant factor in this respect is the cost and security of subscriber end 

stations. As a distribution networic wiU contain large numbers of subscriber end stations, 
itis commercially necessary thatthecostofeachendstatioohekqKrelativdy low. Itis 

dierefore dearable to avoid incorporating expensive security sdtemes in die subscriber 
end stations. However, subscriber end stations are also easily subject to dwft, tampering, 
and duplication, so thai complicated schemes have been considered necessary to provide 
adequate security. 

For example, a security scheme can be imiriememed uring an encryption key 
Di*ich can be stored in the subscriber end station. To iHevent access to the enoyption 
key, the store in the subscriber end station, and data lines to and from diis store, must also 
be made physically secure. This leads to extra con^Usdty and costs. Different 
subscribere may have differing security and privacy needs, wtech makes it desirable for 
the network to accommodate differing security schemes and end station costs. 

A further security-related desirable aspect of a <Ustribution netwoik is an ability fw 
authentication of subscriber end stations, typically using a unique end station identity 
which can be physicaUy incorpwatcd (e.g. hard wired) into the end station during 
manufacture. 

Encryption schemes can be divided into those involving public and private keys 
(PPK) and those involving symmetric keyi. In PPK schemes, a first station can 
distribute its public key. in accordance widi which a second station can encrypt data and 
send the encrypted data to the first station, which decrypts die data using its private key. 
Because the private key is retained at the first station, and is not practically discoverable 
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by other parties, PPK schemes aiccoQ^derod lobe se^^ However, the enoypdoo and 
decryption processes are relatively slow, so that stch scheaies are not practical for 
encryption of real-time high-speed data, such as tdevi^on program signals, for which 
distribution networks are primarily intended 
S In symmetric key schemes, a single key, referred to as a working key, is used by 

both of first and second stations to encrypt and decrypt data being communicated between 
the stations. The nature <tf die woridng key is such that encryption of real-time high- 
speed data, such as tdevisim program signals, is practicaL However, these schemes 
require that the working key be present in both stations, and make it (fesirable for the 

10 working key to be periodically changed or updated Thus synmietric key schemes require 
generation of a wcsking key in one of the stations or in a third station refened to as a key 
distribution agent, and ccnnmuiucation of the working key to the other station(s). 

This communicadon itself presmts a risk of the working key being insecure, and 
thisriskincreases with die frequency wiAwhidi the working key is Itisalso 

15 known to avoid this risk by using a PPK scheme for communication of a working key, 
and then to use the working key for data encryption. 

An object of this invention is to provide a method of facilitadng secure 
omtmunications in a disuitHidon network. 
Summary of die Invention 

20 One aspect of this invention provides a mednxi of fftcilitating secure 

conununications using eocrypdon aiKl decrypdm processes in a distribudra network 
comprising a coitral station aiKl a plurality of addressable end stations, in which 
communicadons from tte central stadon addressed to and intended for a pardcular end 
stadon are delivoed via the network to a plurality of end stations, vriierein the central 

25 stadcm has, and one or more ot the end stations can each have, a respective public and 
private key (PPK) of a PPK mcrypdon scheme, con^rising the steps of: 
(a) detcrmirung in communications between the central stadm and an end station 
whether the end stadon has a PPK, if so pn>ceeding widi step (b) and if not proceeding 
with step (c); 

30 (b) at the central station, determiiung the publk key (PK) of the etKi station, generating 
a working key (WK) for encryption of commuiucadons to the end station, encrypting the 
WK using the PK of die end station, and communicating die encrypted WK to the end 
stadon; at the end station, decrypting the WK using the private key of the end station; and 
proceeding with step (d); 

35 (c) at the end station, determining the puUic key (PK) of the central station, generating 
a working key (WK) for eitcryption of communications to the central stadon, encrypting 
the WK using the PK of the central station, and communicating the encrypted WK to the 
coitral station; at the cental station, decryi^ing the WK using the private key of the centra) 



station; and proceeding with step (d); 

(d) using the WK to encrypt at the ccntndsuuion, and to decrypt at die end station 
coiranunications from the central station to the cod station. 

Another aspect of this invention provides a mediod of faciUtating secure 
5 communications in a distribution network comprising a cenmd station and a plurality of 
addressable end stations, in which commuirications firom the central station addressed to 
and intended for a partcular end station are delivered via die networic to a plundity of end 

stations, whei«n the central station has a puWic and private key (PPK) of a PPK 
encryption scheme and each end station has an indivkiual kloitiiy (ID) and an indivkiual 

10 cryptographfcsignatureencryptedusingaprivatekeyofapredetcrminedPPKencry^ 
scheme, comprising the steps of: communicating the ID of an end station to the central 
station; at die end station, generating a woridng key (WK) for encryption of 
communications between the end station and dicccntral station and encrypting tiie WK 
using the publk key of d« central station; communkaaing the encrypted WKf^ 

15 station to die central statiom at die central station, decrypting the encrypted WK using ^ 
private key of die c«itnd station; connmunkating flic ayptographk: sip 
station to dicccntral station; and at die central station, decrypting die ciyptographk: 
sigmiture using a public key of die predetermined PPK scheme for audientication of die 

Old station. 
20 fttirf IVscripri^^ frf thft Drawines 

■nie invention will be furtficr understood from die following description wtth 

reference to die accompanying drawings, in which: 

Rg. 1 Ulustrates parts ofadistribotion network to whkA die invention is appUed; 

and 

25 Rg. 2 is a flow chart illustrating steps of a mediod for facilitating secure 

communications in die networic in accordance widi die invention, 
p^i ^^iled Description 

The invention is described below in dK context of a hybrid fiber-coax (HFC) 
distribution networic in which signals are distributed from a central station or head end 

30 (HE) to a large number of subscriber end stations (ES) via optical fibers and coaxial 

cables in known manner. An example of such a networic is described in Warwick United 
States Patent No. 5.408.259 issued April 18. 1995 and entided "Data Modulanon 
Arrangement For Selectively Distributing Data". Typkally in such a networic digital data 
communications are provided between any ES and die HE using asynchronous transfer 

35 mode (ATM) cells which are communicated in bodi directions. i.e. downstream from die 
HE to die ES and upstream from die ES to die HE, using suitable modulation schemes 
and carrier frequencies outside dw bands used for anatog television signals also carried on 
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the coaxial cables. However, k is observed that the invention is equally 
other forms q£ distiibuticm netwoik. 

Referring to Fig* 1» there is illustrated parts of a distribution netwdk in which 
many eml stations^ only two of which are shown and aic referenced 10 and 12, are 
S cormected via teanched cables 14 of the distribution netwmk to a head etid 16, via which 
the end stations have access to a network (not shown) which for exanq>Ie si^plks digital 
television piDgram signals subscribed to by end station subscribers. The cables 14 can 
ccmiprise both optical fiber and coaxial cables fomnng a hybrid fiber-coax arrangement, 
on whid) the digital signals can be communicated in known manner using ATM cdls. 

10 As can be apimciated from the illustration in Hg. 1, signals c<Hnmunicated by the 

headend 16andintaidedf(ffany partkndar ad station wiUactuaUy be delivered 
caUes 14 to all of the end stations. For secure and/or private comnumication of the 
signals, the head end 16 includes an encryption eiigirie 18 whidi encrypts the signals in 
accoitlanoe with a working key known only by the head end and the intended end station, 

IS whkh also includes an encryption engiiie 20 which decrypts the signals for use. These 
working keys are similariy used for communications in the opposite direction, from the 
end station to the head end 14. Tlie working of this synmieoic key encryption 
scheme are i^ovided in the bead end and the end station in a manner which is described in 
detail below, 

20 The end stations 10 and 12 are of two types, with differing Icvds of security to 

enable different securi^ needs of subscribers to be aocmmiodated. The end station 12 
represents a relatively secure end station, vfbkh includes its own public and private keys 
of a I^K encryption scheme. As explained in the introduction, such an end station has a 
relativeiy high complexity and cost, because of the need fcM- secure storage of die keys and 

25 operation of the PFK encryption* Odier end stations, which do not have their own public 
and private keys aiul accordingly can be provided at a much lower cost, are represented by 
the end station 10. The network as a whole may have an artmrary mix of these two types 
of end station. 

Each end station 10 or 12 also has an individual, unique identity number, which is 
30 stored (e.g. hard wired) into the ES during its manufacture. This is referred to as a global 
ID (identity). The global IDs of all of the end stations are stored in a database 22, which 
can be colocated with the headend 16or separaeely bom it and with which the headend 
16 communicates via a path 24. The head end 16 also has its own public and private keys 
of a PPK encryption scheme. 
35 Fig. 2 shows steps of a process which is followed in order to set up secure 

communications between the head end 1 6 and one of the end stations 10 or 12. This 
process takes place between the head end and the respective end station without 
involvement of any other node such as a central key distribution agent, and is described 
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below as being initiated in each case foUowing any reset (eg. following a powcr-up) of 
cither the head end 16 or the respective end stadoa ConsequenUy. die working key 
which is used for encrypting die communications between die head end and dw end 
station is changed on any reset However, die same process can alternatively or 
addidonally be caiiicd out on demand, and/or periodically to provide periodic changes of 
dieworidngkey. ft is also observed diat die enoypted communicadons take place 
bcn>»een die eooyption engines 1 8 in die head end 1 6 and 20 in die nsspecti 
10 or 12. and communications on die network access side of die head end 16 are not 

suligect to the same encsyption. 

In Rg. 2. a block 30 represents a reset of die head end (HE) or end station (ES). 
in response to which, as shown by a block 3 1 in Rg. 2. a dialog or handshake is earned 
out between dK5 HE and die ES to establish communications between diem. These 
communications are cfiected using unenciypted ATM cells using addresses of die end 
station anddiebeadend-Asapartofdris dialog, as shown by a block 32 in Rg. 2 die 
head end 16 imcirogales die end station to detcnnine whedier or not die end station has its 

own pubUc and private keys. If not, Le. if die end station is an end station 10 as 
described above, dien die process continues wirii successive blocks 33 to 38 in Rg. 2. If 
die interrogation establishes diat die end station is an end station 12 having its own public 
and private keys, dwn die process instead continues widt Mocks 39 to 44 in Rg. 2. 

In die former case of an end station 10. as shown by die block 33 die bead end 16 

communk»tes its public key (PK) to die end station 10; dus communication can forai part 
of die dialog block 31. The end station 10 randomly generates (block 34) a woridng key 
(WK) for communicating signals in a symmetric key encryption scheme, and encrypts 
(block 35) dus woridng key in accordance widi die supptied public key. sending die 
encrypted woridng key in a message to die head end 16. Hie head end 16 deaypts (Week 
36) die encrypted woridng key from tins message in accordance witii its private key. 
which is not known to otiiers so diat die communication of die woridng key from die end 
station 10 to die head end 16 is secure, and optionaUy but preferably sends an 
acknowledgement to die end station 10. As shown by die block 37. die head end 16 and 
die end station 10 dien load dieir encryption engines 18 and 20 respectively widi die 
woridng key. and dicreaftcr (until dus process is repeated, for example in response to a 
subsequent reset at eidier end) communications between tiiem nike place widi data 
encrypted in accoidance widi die woridng k^. An optional additional step represented by 
die Wock 38 provides for audientication of die end station 10 in a manner described 
below. 

Conversely, in die latter case of an end station 12. as shown by die Wock 39 die 
end station 12 communicates its public key (PK) to die head end 16; diis communication 
can form part of die dialog block 3 1. An optional audientication step for die end station 
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12 can be carried <mt by the head cmi 16 as rep re sen t e d 

described below. Tlic head end 16 randomly generates (block 41) a working key (WK) 
for conrununicating signals in a Qrmn«ric key enciypdon scheme, and enaypts (block 
42) this w<xking key in acccndance with the stq>plied public key of the end station 1 2, 
5 sending the encrypted w<Mrking key in a message to the end station 12, The end station 12 
decrypts (blodc 43) encrypted working key firom this message in i^otxiance with its 
private key, which is not known to others so dutt the ommmnicaiion of the working key 
torn the head end 16 to the end stadon 12 is secuie, and opdonaDy btit preferably sends 
an acknowledgement to the head end 18. As shown by tbe Uiock 44, die bead end 16 and 

10 die end station 12 then load their encryption engines 18 and W respectively with die 
working key, and dieieaflcr (until diis process is rq>eated« for exanq>le in response to a 
subsequent reset at either end) communicaticms between them take place with data 
encrypted in accordance widi the working k^. 

It can be seen from the above description that, in die relatively secure but more 

1 5 expensive situation in which die end station 12 includes its own public and private keys, 
these are used for communicating a working key generated in the head end, whereas in tbe 
other case dse end station 10 genCTates the working key and this is communicated to die 
head end using the latter's public key. 

Tbe optional step of authentication of the end station 12 in tbe block 40 as 

20 described above can make use of the glohallDcrf the end staticHi 12 togedier widi data in 
the database 22, in which dK puUk: key of the end station 12 is stored in association widi 
this global ID. As part of die dialog Uock 31, the end station communicates its global ID 
to the head end 16. In the step 40, therefore, the bead end 16 can communicate via the 
path 24 with the database 22 to confirm that the puUic key which it has received from the 

25 end station 12 in the step 39 matches that stored in die database 22 for diis end station's 
global ID, the subsequent stqps 41 to 44 only being followed if this audientication step is 
successful. 

Alternatively, or in addition, tte optional end station authentication step of block 
40 can comprise the stqis of the head end sending an unencrypted message to the end 

30 station 12 widi a request that it becryptograi^iically signed In accordance with this 
request, the end station 12 produces a digest of tbe message using a known hashing 
function (thereby reducing die data to be encrypted), encrypts this digest in accordance 
with its private key, and s«ds the encrypted message digest to the head aid 16. The head 
end 16 then decrypts this in accordance with the public key of the end station, retrieved 

35 from the database 22, to confmn the digest of its original message which the head end 
also produces using the hashing function. 

It can be seen that, alternatively, the steps nrpresrated by die blocks 39 and 40 in 
Fig. 2 could be replaced by a single step in which the head end 16 determines the public 
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keyof the end stttion 12 fmm die database 22 in acco^ 

station 12 supplied in the dialog 31 . without any authentication of the end stanon or any 

communication of the public key &wn the end station 1% 

m above sequences provide a paiticulariy strong or secure authenticauon of the 
cndstation 12. For the end stationlO which does not have its own pubtic and private 
keys aweaker but still valuable authentication can be provided as shown by the block 38. 
•n»e «tfbentication block 38 is shown in Rg. 2 as the final block in the piocess because 
this enables the exchange of data in the audienticatioo process to be encrypted in 
accordance wiA the working key. but this authentication step coukJ alternatively be 
provided anywhere else in the sequence of steps ftom the blocks 31 to 37. 

For this optional authentication step, the end station 10 is manufecoired (eg. hard 
wired) with not only its global ID. but also a cryptographic signature. Conveniently, the 
end station 10 is manufactared widi a certificate comprising data including the global ID of 
die «! station and the pubUc key of d»e rnantifactuitx and a ayptographic signanne 

comprising an encryption, in accoriance with the private key of die manufacturer, of a 
digest of that data produced using a known hashing function. TTie public key of the 
manufacturcrcanalsoorinsteadbestai«iinthedatabase22. Tlie optional end station 

authentication step of Ae block 38 comprises a communication of the oyptogiaphic 
signanire fhmi the end station 10 to the head end 16 (as explained above this coufcJ be a 

part of the dialog 31 or any later step, but the eoayption after the block 37 obstructs 
public obsavation in the network of cryptographic signaones). TTie head end 16 then 
confirms the authenticity of the end station 10 by deoypting the oyptographic signaone 
using the manufacturer's pubUc key. producing a digest ftom die same data (i^obal ID and 
pubUc key, both of which can be wmmunicated in the dialog step 3 1 or later) and the 
known hashing function, and matching tiiese. 

Hus is a relatively weak authentication, in that identical copies of the end sution 
10, including dupUcated data and cryptographic signaones, couU operate at different 
times on the networic without this being detected. However, simultaneous operation of 
two or more such duplicates would be detected by tiie fact tiiat two or more end stations 

would be supplying the same global ID which is supposedly unique. Tlius even such a 
weak autfientication is valuable especially in detecting illicit large-scale duplication of end 
stations. 

The processes in accordance with the invention as described above provide a 
number of significant advantages over known configurations. In paiucular. requirements 
for secure storage of public and private keys are minimized in the networic as a whole, and 
eliminated for the end stations 10 which can accordingly be provided at relatively lower 
cost At the same time, end stations 12 witii greater security can be provided, and die 
head end 16 can operate simultaneously with both types of end station. This, combined 
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with opdonal authentication of the end stations as described above, enables different 
degrees of security to be easily provided in the network in accordance with service 
requiiements. 

Futthermore, renewal of the working keys at reset is sin^ler than providing time- 
based schedules for changing encryption keys, and key exchanges take place only 
between the head end and the end station whidi use the keys, thereby enhancing security 
compared with distribution of keys from a key distribution agent In addition, all crf^ the 
data flowing between die head end and any pattkndarcnd stadon 10 or 12, between 
successive resets, can be encrypted using a single working key, thereby sxnq>li^dng the 
encryption and decryption processes. However, it is observed that different working 
k^s could be generated, conimunu:aied, aiid iised in the sanie rnanner as descriM 
for encrypting and decrypting different types of information, or different services, for a 
single Old station 10 or 12. 

Although particular embodiments of the invention have been described in detail, it 
sbouk) be appreciated that numerous modifications, variatims, and adaptations may be 
made without departing from the scope of the invention as defined in the claims. 
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WHAT IS CLAIMED IS: 

1 . A method of facilitating secure communications using encryption and ctecryption 
pix)cesses in a distribution netwwk comprising a central station and a plurality of 
addressable end stations, in which communications finom the central station addressed to 

5 and intended for a particular end station arc delivered via die networic to a plurality of end 
stations, wherein the central station has, and one more <rf the end stations can each have, 
a respective public and private key (PPK) of a PPK encryption scheme, comprising the 
steps of: 

(a) detemiining in communications between the central station and an end station 
10 whether the end station has a PPK, if so proceeding widi step (b) and if not proceeding 

widi step (c); 

(b) at the central station, detemiining the public key (PK) of end station, gaicrating 
a working key (WK) fot eoCTyption of communications to the end station, encrypting dw 
WK using the PK of the end station, and conmunicating die encrypted WK to the end 

1 5 station; at die end stati<m, (tecrypting die WK using die private key of die end station; and 
proceeding vn± step (d); 

(c) at die end station, determining die puWk key (PK) of die central station, generating 
a working key (WK) for encryption of omimumcations to die central station, encrypting 
die WK using die PK of die central station, and conwiunicating die encrypted WK to die 

20 central station; at die caitral station, decrypting die WK udng die private key of die central 
station; and pHweeding with stsqp (d); 

(d) using die WK to encrypt at die central station, and to decrypt at die end station, 
communications from the central station to die end station. 

2. A mcdiod as claimed in claim 1 wherein each end station has an individual identity 
25 (ID) and step (a) includes die step of communicating dielDofdicendstationiodie central 

station. 

3. A nethod as claimed in claim 2 wherein in step (b) the PK of die end station is 
determined by die central station from a database using die ID of die end station. 

4. A inediod as claimed in claim 1, 2, or 3 wherein step (b) furtter comiHises an end 
30 station audicntication step conqiriang the steps of corranunicaring an unencrypted 

message from die central station to die end station, producing an encrypted message at the 
end station using the private key of die end station, conmunicating die encrypted message 
to die central station, decrypting die message at the central station using die PK of die end 
station, and comparing the decrypted message with the original message. 

35 5 . A mcdiod as claimed in claim 4 wherein in step (b) die end station audicntication 
step is carried out before die step of communicating die encrypted WK to die end station. 
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6. A method as claimed in any of claims 1 to S whoiein in stq> (b) the PK of the end 
station is communicated to the central station from the end station. 

7. A mediod as claimed in claims 2 and 6 wherein in step (b) the PK of the end 
station is verified by the central station from a database using the ID of the end station. 

S 8, A method as claimed in any of claims 1 to 7 wherein a plurality of end stations 
wiiich do not have a PPK each have an individual ciyptogFq)hic signature encrypted using 
a private key of a predetermined PPK scheme, step (a) or (c) includes the step of 
communicating Ae ciyptographic signature of the end staticm to the central station, and 
step (c) further conqmses an end station audientication step comfHising, at the central 
10 statioi^ decrypting the cryptographic signature using a public key of die predetcrminod 
PPK scheme. 

9. A method as claimed in claims 2 and 8 wherein die iodivklual cryptographic 
signature conqnises an encryption of data cterived from die ID of the respective end 
station. 

15 10* Aniethodasclaiznedincldm8or9\4ieretnthepredetentiinedI^schemeu$^ 
a private key and a public key of a source of die end stati<m. 

11. A method as claimed in claim 8, 9, or 10 wherdn theciyptogr^hic signature is 
ccmmunicated to the central statim in step (c). 

12. A m^od as claimed in claim 1 1 and including the steps of encrypting tte 

20 cryptogn^hic ^gnature at the end station, and decrypting die encrypted cryptographic 
signature at the central station, using die WK. 

13. A mediod as claimed in any of claims 1 to 12 and further con^rising the step of 
using the WK to encrypt at tl^end staticm, and to decrypt at the central station, 
communications from the end station to the central station. 

25 14. A method of facilitating secure communications in a distribution network 
comprising a central station and a plurality of addressable end stations, in which 
communications from the central station adkbessed to and intended for a particular end 
station are delivered via the network to a plurality of end stations, wherein the central 
station has a pubUc and private key (PPK) of a PPK encryption scheme and each end 

30 station has an individual identity (ID) and an individual cryptographic signature encrypted 
using a private key of a predetermined PPK encryption scheme, comprising the steps of: 
communicating the ID of an end station to the central station; 
at the end station, generating a working key (WK) for encryption of 
communications between the end station and the central station and encrypting the WK 
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using the puWic key of Ihc central station; 

communicaunp the encrypted WK from the end siauon u^ die centnd siaUon; 

ai ihc ceninil station, decrypting the encrypted WK using the private key of the 
central station; 

5 communicaung the cryptographic signalurc of the end staUon to the central station; 

and 

at the central station, decrypting the cryptographic signature using a public key of 
the predetermined PPK scheme for authenUcation of the end station. 

15. A meihixl a.s claimed in claim 14 wherein the individual cryptographic signature 
10 comprises an encryption of data derived from the m of the re.speciive end siation. 

1 6. A method as claimed in ckiim 14 or 15 wherein the predetermined PPK scheme 
uses a private key and a public key of a source of the end station. 

17. A method as claimed in claim 14, 15. or 16 wherein the step of communicating the 
cryptographic .signature of the end .station to the central station compri.ses the sieps of 

15 encrypting the cryptographic signature at the end siauon using the WK, communicating 
die encrypted cryptographic signature from the end siauon to ihe central .stotion, and 
decrypting the encrypted crypuigraphic signawre at dw: central sution using the WK. 

1 8. A melhtxi of facilitating secure communications in a di.sUihution netwotic, 
subsuniially as hereinbefore described with reference to Figs 1 and 2 of the 

2t) accompanying drawings. 



PaBtiOTt 

Ofiioe 

ApplicatioD No: GB 9700921.1 Examinen Mr B J Spear 

Claims searched: 1-13 Date of search: 19 March 1997 

Patents Act 1977 

Search Report under Section 17 

Databases searched: 

UK Patort Office collections, including GB, EP, WO & US patent q)ecifications, in: 
UK CI (Ed.O): H4P (PDCSC) 
Int a (Ed.6): H04L 9/30 
Other OnUnc: WPI, INSPEC 



Documents considered to be rdevant: 



Category 


Identity of document and relevant passage 


Relevsst 
to claims 




NONE 





X Documeoi indiMling Uck of Dovchy or tweolivc ncp A Docunett ki£cM^ toctmokjgical bKfcfiound «nd/or lUte of the tn. 

Y Document tndic«tine lack of invective ttcp tf combined F Document publiibed on or after ihc declared priority daie bm before 

witb one or more other documeou of nmc caietofy. the filing date of thb hiveniioa. 

E pHeM documeal pubHriwd oo or afkcr, but witb priority date earlier 

A Mcrr^r of the tame pateia faioily than, ihc Crtng dale of thia appticatkw. 



An Exrcucivc Agcnry of the DcpartTnem of Trade and Industry 




Offioe 



Applkation No: 
Claihns searched: 



GB 9700921.1 
14-17 



Examiner: 
Date of search: 



Mr B J Spear 
21 May 1997 



Batents Act 1977 

Further Search Report under Section 17 
Databases searched: 



UK Patent Office collections, including GB, BP, WO & US patent specifications, in: 
UKCl(Ed.O): H4P (PDCSA) 
Int a (Ed.6): H04L 9A32 
Other: Online: WPI, INSPEC 



Documents conddered to be relevant: 



Category 


Identity of document and relevant passage 


Relevant 

tocUiins 


A 
A 


EP0328232A2 (Fischer) 
WO 95/23468A1 (Merdan) 





X 


Docunm bd'tctting UcL of oovelty or invettive mep 


A 


DDcameai ^^^^ ttchaotoyicil background «od/or lUtc of ibe tn. 


Y 


Docuracfli indtcitif^ Icck of isvetttivc ttep if cofrtbiaed 


P 


Doctneal p4r4rT***** oq or after the declared prioray date bui before 




with ooe or men other doctimenKJ of Mine cMegocy. 




the Qiog date of thk mventioti. 






E 


fteeai docciaua puNubed on or after, but with prtorUy date eariicr 




Meinber of the ttme patent hirSfy 




than, the fUi^f date of this appltcatkn. 



An Executive Agency of the Deparrment of Trade and Induscrv^ 



